2012-05-15T10:49:36+01:00 Zend_Feed_Writer https://www.augwessex.org.uk/discussions/view/748 AUGW info@augwessex.org.uk https://www.augwessex.org.uk/ 2012-04-06T00:59:34+01:00 https://www.augwessex.org.uk/discussions/view/748#3293 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ Some members may have come across excited news of this Java trojan, others may already have downloaded Apple's system patch posted on Wednesday 4th April. The first tell-tale is a modified padlock picture in a system authorisation dialogue. If you see an odd-looking padlock, don't authorise. Prior to Lion OSX installed Java by default, and these users should take note. If you are running Lion (and have not installed Java, or have always kept it switched "off" in Safari security prefs) there is little to worry about. Others may be interested in this article -- which looks intimidating but is simple enough when used to confirm that you DON'T have a problem. If you DO have a problem proceed with extra caution. > http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml < Make sure you have read the whole article thoroughly, including "Additional Details" and then follow the instructions carefully, copying and pasting each Terminal command, checking the results and then moving to the next instruction indicated. Hopefully Apple will by now have used an automatic virus/trojan fix to your Mac for this malware. (Note that if you want to look inside the Safari.app (and other app bundles) you need to control-click the Safari icon in Applications, and look for the menu item "See Package Contents"). 2012-04-07T10:26:17+01:00 https://www.augwessex.org.uk/discussions/view/748#3294 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ CNET has posted a (slightly) more clear procedure (with a screen shot) for ridding infected Macs of the Flashback morph here: > http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/?tag=mncol;txt < Happy Easter. 2012-04-08T09:34:22+01:00 https://www.augwessex.org.uk/discussions/view/748#3295 Eleanor Spenceley info@augwessex.org.uk https://www.augwessex.org.uk/ There's a another good article on Flashback here 2012-04-08T17:10:36+01:00 https://www.augwessex.org.uk/discussions/view/748#3296 Thomas Maude info@augwessex.org.uk https://www.augwessex.org.uk/ thanks Euan and Martin .....just reading now ....quick question .....in the preferences for both Safari and Firefox there is something call ' Javascript ' as well as 'Java' and a check box for both .......if I am going to turn off Java .....what about Javascript ? cheers Tom 2012-04-09T09:49:33+01:00 https://www.augwessex.org.uk/discussions/view/748#3297 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ It seems that the Flashback Trojan uses Java 'Applets', which in turn are Java Language programmes. Java 'Scripts' are embedded in web page HTML and carry out standard tasks such as collecting information on forms. Turning J-scripts off would be pretty limiting, whereas Java language is less immediately critical. See this discussion among others: http://www.htmlgoodies.com/beyond/javascript/article.php/3470971/Java-vs-JavaScript.htm "The main difference is that Java can stand on its own while JavaScript must (primarily) be placed inside an HTML document to function. Java is a much larger and more complicated language that creates "standalone" applications. A Java "applet" (so-called because it is a little application) is a fully contained program. JavaScript is text that is fed into a browser that can interpret it and then it is enacted by the browser--although today's web apps are starting to blur the line between traditional desktop applications and those which are created using the traditional web technologies: JavaScript, HTML and CSS." Apple's (double) system update should be a fix for the issue, so after making sure you don't have the Flashback trojan in your system (and getting rid of it if you have) make sure you have the system updates installed and keep an eye open for any further developments. 2012-04-09T10:17:17+01:00 https://www.augwessex.org.uk/discussions/view/748#3298 Eleanor Spenceley info@augwessex.org.uk https://www.augwessex.org.uk/ Java and Javascripts are totally different languages/technologies and have nothing in common except the usage of Java in their name. Turning off Javascript is a bad idea since most web pages generally have some Javascript embedded in them so will make the webpage function 'weirdly'. Turning off Java is a good idea since very few websites use it these days and as we've seen is a security risk. 2012-04-09T14:13:56+01:00 https://www.augwessex.org.uk/discussions/view/748#3299 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ TUAW have posted a simple utility to check whether Flashback.1 is present: See Para 2 on this page "a simple utility". Click to download. http://www.tuaw.com/2012/04/08/talkcast-tonight-10pm-et-fighting-flashback/ 2012-04-09T14:42:23+01:00 https://www.augwessex.org.uk/discussions/view/748#3300 Thomas Maude info@augwessex.org.uk https://www.augwessex.org.uk/ are you sure it doesn't install it !! ( joke ) thanks for the link Euan Tom 2012-04-09T14:51:03+01:00 https://www.augwessex.org.uk/discussions/view/748#3301 Thomas Maude info@augwessex.org.uk https://www.augwessex.org.uk/ Blistering Barnacles ! app works perfectly ..no virus found .........a thousand thanks for the link ....it's what numpty's like me need.....I had a go at the terminal command thing but couldn't do it. cheers Tom 2012-04-13T00:16:43+01:00 https://www.augwessex.org.uk/discussions/view/748#3307 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ There are now several Flashback.1 removal apps around, from f-secure, Kaspersky, etc. although the Kaspersly app has been temporarily withdrawn. Meantime Apple has posted (software update) a new version of Java which does the removal and offers better security. This is the third Java-related Apple update for Lion. Further details here: http://www.tuaw.com/2012/04/12/java-for-os-x-2012-003-update-kills-flashback-malware-available/ 2012-04-14T10:53:41+01:00 https://www.augwessex.org.uk/discussions/view/748#3310 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ Although Java is not automatically installed with OS X Lion it seems that Flashback can affect it anyway. It may be a false assumption to think you are immune without Java. Apple have posted this tool to check for and remove Flashback code from Lion (non Java) systems: http://support.apple.com/kb/DL1517 2012-04-24T21:16:59+01:00 https://www.augwessex.org.uk/discussions/view/748#3325 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ This morning the world woke to find a new variant of Flashback trojan: Flashback.S Credit: Intego anti-virus. Details here http://www.computerworld.com/s/article/9226521/New_sneakier_Flashback_malware_infects_Macs No formal fix yet, but if you have taken precautions already, hopefully it won't bring sudden death to your Mac. 2012-04-28T10:36:36+01:00 https://www.augwessex.org.uk/discussions/view/748#3332 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ Oracle are providing auto-updates for Java within OSX Lion from now on which should help malware resistance. See this article from ArsTechnica: http://arstechnica.com/apple/news/2012/04/oracle-updates-java-to-se-7-for-os-x-brings-full-jdk-support.ars?comments=1#comments-bar 2012-05-01T17:15:39+01:00 https://www.augwessex.org.uk/discussions/view/748#3338 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ Oh dear oh dear. Yet another Java villain has arrived, this time it uses Python scripts: http://nakedsecurity.sophos.com/2012/04/27/python-malware-mac/ If you have used your browser preferences to "stop" Java -- NB "JavaScript" is something quite different and is fine to use -- and have installed all the latest Apple updates there should be no problem. But note that Apple have NOT issued updates to close off these attacks in OSX versions earlier than 10.6 Snow Leopard. The Sophos page offers a simple, quick check to see if you have been compromised, and also free anti-virus software from Sophos for home users: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx ClamXav is another free (open source) antivirus protector if you prefer to use that: http://www.clamxav.com/download.php The two AV software suites have been reviewed widely (see Google). 2012-05-06T14:52:17+01:00 https://www.augwessex.org.uk/discussions/view/748#3353 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ Anyone visiting the Oracle Mac Java update page may still find that it is under maintenance. It seems Apple are about to post two Java updates to bring themselves into line with the Oracle updater cycle: http://www.appleinsider.com/articles/12/05/05/apple_readies_final_in_house_java_updates_ahead_of_oracle_handoff.html "The updates, titled "Java for OS X 2012-004" and "Java for Mac OS X 10.6 Update 9," are to be the last Apple-tailored runtimes for OS X 10.6 and 10.7 before all Mac-centric Java development moves to Oracle." 2012-05-07T09:23:25+01:00 https://www.augwessex.org.uk/discussions/view/748#3354 Trevor Hewson info@augwessex.org.uk https://www.augwessex.org.uk/ Euan, does that mean that we will no longer be able to rely on Software Update to alert us when Java updates are needed? I know we can always rely on you of course :) 2012-05-15T10:49:36+01:00 https://www.augwessex.org.uk/discussions/view/748#3361 Euan Williams info@augwessex.org.uk https://www.augwessex.org.uk/ It seems so, which is a pity, but we may have to wait for Oracle to get things together. Many applications do auto-alerts for updates or check for them under a Help Menu item (Acrobat Reader, Onyx, etc.